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Abstract: 

To provide a method for enabling faster, accurate ascertainment of status of an 
information system through use of inquiries submitted to members of an 
organization and an approach other than the inquiries. In step S1-1, inquiries are 
submitted to members of an organization, and answers to the inquiries are 
obtained. In step S1-2, the status of the information system is ascertained on the 
basis of the answers. In step S1-3, the information system is examined through 
use of an inspection tool through use of a network analyzer, thereby ascertaining 
the status of the information system. In step S1-4, the status of the information 
system ascertained in step S1-2 and the status of the information system 
ascertained in step S1-3 are merged. In step S1-5, on the basis of the 
thus-merged status of the information system, a security policy is established. 
The status of the information system is ascertained by utilization of inquiries and 
the result of inspection performed by use of the tool. Hence, the status of the 
information system can be ascertained accurately. 
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(54) Method and apparatus for ascertaining the status of an information system 



(57) To provide a method for enabling faster, accu- 
rate ascertainment of status of an information system 
tlirough use of inquiries submitted to members of an or- 
ganization and an approacli other than the inquiries. In 
step S1 -1 , inquiries are submitted to members of an or- 
ganization, and answers to the inquiries are obtained. 
In step SI -2, the status of the infomnation system is as- 
certained on the basis of the answers. In step S1 -3, the 
information system is examined through use of an in- 
spection tool through use of a network analyzer, thereby 



ascertaining the status of the information system. In step 
S1-4, the status of the information system ascertained 
in step Si -2 and the status of the information system 
ascertained in step 81-3 are merged. In step 81 -5, on 
the basis of the thus-merged status of the information 
system, a security policy is established. The status of 
the information system is ascertained by utilization of 
inquiries and the result of inspection performed by use 
of the tool. Hence, the status of the infomnation system 
can be ascertained accurately. 
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Description 

Background of the Invention 
Field of the Invention 

[0001 ] The invention relates to a method of ascertain- 
ing the status of an information system. The invention 
also relates to a method of establishing a security policy 
on the basis of an ascertained status of an information 
system. Further, the invention relates to a system and 
program to be used for ascertaining a status. 

Related Art 

[0002] The applicant has already proposed a system 
and method for establishing a security policy by means 
of ascertaining a status from answers to inquiries sub- 
mitted to members of an organization. 
[0003] However, submission of inquiries to members 
of an organization may become a time-consuming and 
complicated operation. Further, there may arise a case 
wliere answers are not necessarily correct; human 
memory is often vague and has a potential to produce 
misunderstandings or the like. 

[0004] Even when a computer system constituting an 
information system is inspected, difficulty is encoun- 
tered in ascertaining human arrangements. For in- 
stance, information about a manager of a certain server 
or information about a post having an authority to rewrite 
contents of certain information may be difficult to ascer- 
tain. 

[0005] Demand exists for the ability to ascertain the 
status of the information system of an organization by 
means of an approach other than a method of submitting 
inquiries to members of the organization, and to merge 
the thus-obtained status with the status obtained 
through inquiries. 

[0006] The invention has been conceived in view of 
such a problem and aims at providing a method of en- 
abling more accurate and immediate ascertainment of 
the status of an information system through use of in- 
quiries to be submitted to members of an organization 
and an approach other than inquiries. 

Summary of the Invention 

[0007] In orderto solve the problem, the invention pro- 
vides a method for ascertaining the status of an infor- 
mation system, comprising: 

a first step of ascertaining a first status of an infor- 
mation system by submitting inquiries to members 
of an organization and ascertaining the status of the 
information system of the organization on the basis 
of answers to the inquiries; 

a second step of ascertaining a second status of tine 
information system by inspecting the status of the 



information system of the organization through use 
of an inspection tool of the information system and 
ascertaining the status of the information system on 
the basis of a result of the inspection; and 
5 an integration step of merging the first information 

system status and the second information system 
status, thereby establishing the status of the infor- 
mation system of the organization. The integration 
step further comprises the steps provided below: 

[0008] Specifically, the integration step comprises 

a consistency inspection step of comparing the 
first information system status with the second informa- 
tion system status and separating an inconsistent mat- 
ter from consistent matters; 

a display step of displaying the inconsistent matter 
and enabling entry of a choice made by the user in con- 
nection with the inconsistent matter, thereby obtaining 
a result selected by the user; and 

a synthesis step of merging the consistent matters 
and the result of selection made by the user. 
[0009] By means of such a configuration, an inspec- 
tion tool as well as inquiries are used. Hence, there is 
obviated a necessity for submitting inquiries with regard 
to an item which can be examined through use of an 
inspection tool. Further, a user can ascertain an object 
to be selected by means of the display step. Hence, the 
user can select an appropriate object from displayed 
contents. 

[001 0] Preferably, the inspection tool is a program for 
inspecting the configuration of the information system. 
[0011] The invention also provides a method for es- 
tablishing a security policy on the basis of a status as- 
certained by the method of ascertaining the status of an 
information system that has been described thus far. 
[001 2] By means of the configuration, there is obviat- 
ed a necessity for submitting inquiries with regard to an 
item which can be examined through use of an inspec- 
tion tool. As a result, a time can be saved, thus enabling 
establishment of a more appropriate security policy. 
[0013] The invention also provides an integration de- 
vice for performing processing pertaining to an integra- 
tion step in the method of ascertaining an information 
system, comprising: 

consistency inspection means which compares a 
first status of the information system with a second 
status of the information system, thereby separat- 
ing an inconsistent matter from consistent matters; 
display means for displaying the inconsistent matter 
and enabling a user to enter a choice with regard to 
the inconsistent matter; and 
synthesis means for merging the consistent matters 
with a result of choice made by the user. 

[0014] Such an integration device enables execution 
of integration processing on the basis of a choice en- 
tered by the user. 
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[0015] The invention also provides a progrann for 
causing a computer to execute processing pertaining to 
an Integration step in the nnethod for ascertaining the 
status of an information system, wherein the program 
causes the computer to execute 

processing pertaining to a consistency inspection 
procedure for comparing a first status of the information 
system with a second status of the information system, 
thereby separating an inconsistent matter from consist- 
ent matters; 

processing pertaining to a display procedure for 
displaying the inconsistent matter and inputting a choice 
made by the user; and 

processing pertaining to a synthesis procedure for 
merging the consistent matters with a result of choice 
made by the user. 

[0016] The Invention also provides a computer-read- 
able recording medium in which is recorded a program 
for causing a computerto execute processing pertaining 
to an integration step In the method of ascertaining the 
status of an information system, wherein 

the program causes the computer to execute 
processing pertaining to a consistency inspection 
procedure for comparing a first status of the information 
system with a second status of the information system, 
thereby separating an inconsistent matter from consist- 
ent matters; 

processing pertaining to a display procedure for 
displaying the inconsistent matter and inputting a choice 
made by the user; and 

processing pertaining to a synthesis procedure for 
merging the consistent matters with a result of choice 
made by the user. 

[0017] By means of the invention, the computer can 
be operated as the integration device, thereby effecting 
the same working-effect as that yielded by the integra- 
tion device. 

[0018] To solve the problem, the invention also pro- 
vides a method of ascertaining the status of an Informa- 
tion system including: 

a first step of submitting inquiries to members of an 
organization and ascertaining the status of an infor- 
mation system of the organization on the basis of 
answers to the inquiries; 

a second step of examining the status of the infor- 
mation system of the organization through use of 
an information system inspection tool, thereby as- 
certaining the status of the information system of 
the organization on the basis of a result of the In- 
spection; and 

an integration step of merging a first status of the 
information system and a second status of the in- 
formation system, thereby establishing the status of 
the Information system of the organization, wherein 
the integration step comprises 

a consistency inspection step of comparing 
the first status of the information system with the 



4 

second status of the information system, to thereby 
determine 

(1) an inconsistent matter, 

5 (2) consistent matters; that is, consistent mat- 

ters which pertain to only the first status of the 
Information system but notto the second status 
of the same, and consistent matters which per- 
tain to only the second status of the information 

10 system but not to the first status of the same, 

as well as to thereby separate the inconsistent 
matter from the consistent matters; 

a display step of displaying the inconsistent 
IS matter and enabling a user to enter a choice with 
regard to the inconsistent matter; and 

a synthesis step of merging the consistent 
matters with a result of choice made by the user. 

20 [0019] By means of such a configuration, an inspec- 
tion tool as well as inquiries are used. Hence, there Is 
obviated a necessity for submitting inquiries with regard 
to an item which can be examined through use of an 
inspection tool. Further, a user can ascertain an object 
25 to be selected by means of the display step. Hence, the 
user can select an appropriate object from displayed 
contents. 

[0020] The invention also provides a method of estab- 
lishing a security policy on the basis of a status ascer- 
30 talned by means of the method of ascertaining the status 
of an information system that has been described thus 
far. 

[0021] By means of the configuration, there is obviat- 
ed a necessity for submitting inquiries with regard to an 
35 item which can be examined through use of an inspec- 
tion tool. As a result, a time can be saved. One item is 
inspected by an inspection tool as well as through in- 
quiries. Hence, a more accurate information system sta- 
tus is obtained, and a more appropriate security policy 
40 can be established on the basis of an accurate status. 
[0022] The invention also provides an integration de- 
vice for performing processing pertaining to an Integra- 
tion step in the method of ascertaining the status of an 
information system that has been described thus far, 
45 comprising: 

consistency inspection means for comparing the 
first status of the information system with the sec- 
ond status of the Information system, to thereby de- 
50 termlne 
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(1) an inconsistent matter, 

(2) consistent matters; that is, consistent mat- 
ters which pertain to only the first status of the 

55 information system but notto the second status 

of the same, and consistent matters which per- 
tain to only the second status of the information 
system but not to the first status of the same. 
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as well as to thereby separate the inconsistent 
matter from the consistent matters; 

display means for displaying the inconsistent matter 
and enabling a user to enter a choice with regard to 
the inconsistent matter; and 
synthesis means for merging the consistent matters 
with a result of choice made by the user. 

[0023] By means of such an integration device, the 
first status of the information system and the second sta- 
tus of the same can be merged. In relation to an item for 
which inconsistencies are present, integration process- 
ing can be performed on the basis of a choice made by 
the user. 

[0024] The invention also provides a program for 
causing a computer to perform processing pertaining to 
an integration step in the method for ascertaining the 
status of an information system as defined in claim 7, 
wherein 

the program causes the computer to execute 
processing pertaining to a consistency inspection 
procedure for comparing the first status of the informa- 
tion system with the second status of the information 
system, to thereby determine 

(1) an inconsistent matter, 

(2) consistent matters; that is, consistent matters 
which pertain to only the first status of the informa- 
tion system but not to the second status of the 
same, and consistent matters which pertain to only 
the second status of the information system but not 
to the first status of the same, as well as to thereby 
separate the inconsistent matter from the consist- 
ent matters; 

processing pertaining to a display procedure for 
displaying the inconsistent matter and inputting a choice 
made by the user; and 

processing pertaining to a synthesis procedure for 
merging the consistent matters with a result of choice 
made by the user. 

[0025] The invention also provides a computer-read- 
able recording medium in which is recorded a program 
for causing a computerto execute processing pertaining 
to an integration step in the method of ascertaining the 
status of an information system defined in claim 7, 
wherein 

the program causes the computer to execute 
processing pertaining to a consistency inspection 
procedure for comparing the first status of the informa- 
tion system with the second status of the information 
system, to thereby determine 

(1) an inconsistent matter, 

(2) consistent matters; that is, consistent matters 
which pertain to only the first status of the informa- 
tion system but not to the second status of the 



same, and consistent matters which pertain to only 
the second status of the information system but not 
to the first status of the same, as well as to thereby 
separate the inconsistent matter from the consist- 
5 ent matters; 

processing pertaining to a display procedure for 
displaying the inconsistent matter and inputting a choice 
made by the user; and 
10 processing pertaining to a synthesis procedure for 

merging the consistent matters with a result of choice 
made by the user. 

[0026] By means of the inventions, the computer can 
activate a computer as the integration device, and 
^5 hence there is yielded the same working-effect as that 
yielded by the integration device. 

Brief Description of tlie Drawings 

20 [0027] 

Fig. 1 is a flowchart showing operations pertaining 
to a method of ascertaining the status of an infor- 
mation system according to a preferred embodi- 
es ment of the invention; 

Fig. 2 is a constitutional block diagram showing the 
configuration of an integration device according to 
the preferred embodiment of the invention; 
Fig. 3 is a descriptive view showing the mode of uti- 
30 lization of a computer operating as an integration 
device; 

Fig. 4 is a descriptive view showing an example sta- 
tus for describing an operation for merging informa- 
tion system statuses; and 
35 Fig. 5 is a descriptive view showing an example of 
an information asset table. 

Detailed Description of Preferred Embodiments 

40 [0028] Preferred embodiments of the invention will be 
described hereinbelow by reference to the accompany- 
ing drawings. 



45 



First Embodiment 



[0029] In the embodiment, there will be described a 
status ascertainment method for ascertaining the status 
of an information system of a certain organization when 
a security policy is to be established for the system. As 

50 described in connection with Japanese Patent Applica- 
tion Laid-Open No. 167345/2000, the expression "or- 
ganization" employed herein signifies, in addition to en- 
terprises, any of various legal entities, such as corpora- 
tion aggregates or foundations, federal or municipal 

55 agencies, and non-profit organizations such as town as- 
sociations or circles. 

[0030] Ascertainment of status of the information sys- 
tem is required in various instances. 
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[0031 ] For instance, an invention relating to establisin- 
ment of a security policy is proposed in Japanese Patent 
Application Laid-Open No. 167345/2000. At the time of 
establishnrient of a security policy, the status of the in- 
formation system must be ascertained. In relation to 
Japanese Patent Application Laid-Open No. 
1 67345/2000, the status of the information system is ac- 
quired by submitting inquiries to members of an organ- 
ization. 

[0032] In the present specification, there is proposed 
a method for determining the ultimate status of an infor- 
mation system of an organization, by means of merging 
the status of an information system acquired through 
submission of inquiries to the members of the organiza- 
tion and the status of the information system acquired 
through use of various tools. This method enables more 
quick ascertainment of status of the information system, 
by virtue of use of two ascertainment results; that is, a 
result of status ascertainment of an information system 
performed through use of various tools, and a result of 
status ascertainment of the information system effected 
by utilization of inquiries submitted to members of the 
organization. 

[0033] As a matter of course, if a security policy is es- 
tablished on the basis of the thus-obtained ultimate sta- 
tus of the information system, the security policy can be 
established more quickly. 

[0034] Various conventional approaches can be 
adopted as an approach for establishing a security pol- 
icy. In particular, utilization of the method that has been 
proposed by the present inventor in Japanese Patent 
Application Laid-Open No. 167345/2000 is preferable. 

Basic Operation 

[0035] Fig. 1 shows a flowchart representing opera- 
tions pertaining to a method of ascertaining the status 
of an information system of the embodiment. 
[0036] As illustrated, in step S1-1 , inquiries are sub- 
mitted to members of the organization, and answers are 
acquired. 

[0037] In step SI -2, the status of the information sys- 
tem is virtually established on the basis of the thus-ac- 
quired answers. As a result, the status of the information 
system is ascertained on the basis of the thus-acquired 
answers. Operations pertaining to steps S1-1 and SI -2 
are the same as those performed under the method de- 
scribed in Japanese Patent Application Laid-Open No. 
167345/2000. 

[0038] In step SI -3, the information system is inves- 
tigated by use of various inspection tools, such as a net- 
work analyzer. On the basis of a result of inspection, the 
status of the information system is ascertained. 
[0039] In step S1 -4, the status of the virtual informa- 
tion system established in step S1-2 and the status of 
the information system ascertained in step SI -3 are 
merged. 

[0040] In step SI -5 a security policy is established on 



the basis of the status of the information system that has 
been merged in step 81-4. Here, the security policy to 
be established may be a draft. An operation pertaining 
to step S1-5 is identical with that performed under the 
5 method proposed in Japanese Patent Application Laid- 
Open No. 167345/2000. 

[0041] In the embodiment, the status of the informa- 
tion system is grasped by utilization of inquiries and an- 
swers thereto, as well as by utilization of a result of in- 

fo spection performed through use of various tools, there- 
by enabling more accurate ascertainment of the status 
of the information system. 

[0042] Further, there is obviated a necessity for sub- 
mitting inquiries to items which can be investigated 

^5 through use of various tools, and hence time can be 
saved, thereby enabling prompt ascertainment of the 
status of an information system. Similarly, a required 
number of inquiries is reduced, and hence the burden 
to be imposed on members of the organization (i.e., the 

20 burden of providing answers to inquiries) can be dimin- 
ished. 

Respective Inspection Tools 

25 [0043] Various computer programs for ascertaining 
the status of the information system can be utilized as 
inspection tools. A program of this type has hitherto 
been known, and is called a security analyzer. 

30 (1) For example, a program called a network host 
scanner has hitherto been known. A network host 
scanner usually has the following features: 

Various devices provided on the network are 
35 searched, and a list of the found devices is out- 

put. 

The thus-searched devices are subjected to 
port retrieval as to what kind of TCP/IP service 
is valid, and a result of retrieval is output. 
40 . An inspection is conducted in relation to wheth- 
er or not the thus-found devices are currently 
operating effectively. 

There is acquired session information as to who 

connects to various resources and the extent 
45 to which the resources are connected. 

(2) A so-called security hole inspection tool has also 
known hitherto. The security hole inspection tool is 
a program for finding a security hole of respective 
50 devices provided on the network. The program is 
sometimes used for so-called system audit. In gen- 
eral, the security hole inspection tool is used for de- 
tecting a security hole in a WEB server, an FTP 
server, or a MAIL server located on the network. 
55 The program also has the function of automatically, 
periodically carrying out such an inspection opera- 
tion. 

In addition to the program for effecting an in- 
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spection by way of a network, there is also known 
a progrann to be installed in the host which is an ob- 
ject of inspection. For instance, there is also known 
a program for conducting an inspection as to wheth- 
er or not settings of a database pose no problem. 
This program is often called a database scanner. 
(3) Use of a program called a risk analysis tool for 
inspection of status of an information system is also 
preferable. 

Integration Processing 

[0044] Through integration processing pertaining to 
step SI -4, the information system statuses grasped by 
the foregoing two approaches are merged. In the em- 
bodiment, integration processing is carried out by use 
of an integration device 10 shown in Fig. 2. 
[0045] First, an information system status 12 (herein- 
after referred to as a "first status 1 2") based on answers 
to inquiries, and an information system status 14 (here- 
inafter referred to as a "second status 14") obtained by 
an investigation tool are supplied to consistency inspec- 
tion means 16. The consistency inspection means 16 
compares the two statuses with each other, and incon- 
sistencies are supplied to display means 18. The con- 
sistency inspection means 16 collectively stores con- 
sistencies (i.e., portions of the statuses which are deter- 
mined not to be inconsistent) into an integration result 
22. In this way, the consistent portions are supplied to 
synthesis means 20. 

[0046] The display means 1 8 is means to be used for 
displaying inconsistencies to the user and for entering 
a choice made by the user (i.e., a selected status). 
[0047] According to the embodiment, inconsistencies 
are displayed for the user, and hence the user can as- 
certain inconsistencies. In the embodiment, the user 
can select one of the first and second statuses 12, 14 
which is correct, upon glancing at the display of the in- 
consistencies, and enter the thus-selected status. The 
display means 18 supplies the status selected by the 
user to the synthesis means 20. 
[0048] The synthesis means 20 combines the thus- 
supplied statuses, thereby preparing a final information 
system status and the integration result 22. 
[0049] In the manner as mentioned above, the inte- 
gration device 1 0 can merge the first status 1 2 and the 
second status 14. Preferably, the integration device 10 
is constituted of a program for carrying out such an op- 
eration, and a computer which runs the program. Fig. 3 
provides a descriptive view of a mode of utilization of 
such a computer. As illustrated, a computer 1 00 has in- 
ternal storage means 1 02, and the program is stored in 
the storage means 102. The program causes the com- 
puter 1 00 to serve as the integration device 1 0. For ex- 
ample, the consistency inspection means 16, the dis- 
play means 1 8, and the merging means 20 are embod- 
ied by use of programs which execute their operations. 
[0050] In particularly, the display means 18 displays 



inconsistencies to the user by use of a display 104 of 
the computer 100, The user selects any one from the 
inconsistent statuses and enters the choice by way of a 
pointing device such as a mouse 106 of the computer 
5 100. As a matter of course, entry of the user's choice 
(selected status) is also preferably carried out through 
use of a keyboard. 

[0051] The storage means 1 02 corresponds to an ex- 
ample of a computer-readable recording medium de- 
scribed in claims. In addition to a hard disk drive, any 
type of recording medium may be employed; e.g., opti- 
cal disks such as DVDs or CD-ROIVIs, magnetic disks, 
and semiconductor storage means such as flash mem- 
ory, so long as the medium can store a program. 

Second Embodiment 

[0052] An example of integration processing is de- 
scribed by reference to a specific example. 

(1) Fig. 4-1 shows a table representing the status 
of an infonnation system as determined from inquir- 
ies and answers thereto (i.e., a first status). Fig. 4-2 
shows a table representing the status of an infor- 
mation system as obtained by means of various 
tools (i.e., a second status). Fig. 4-3 shows the ta- 
bles in a single table. In the first step of integration 
processing, there is prepared one table in which are 
described a first status obtained through inquiries 
and a second status obtained by means of the tools. 
The consistency inspection means 16 of the inte- 
gration device 10 performs the preparation opera- 
tion. 

(2) Extraction of Inconsistencies 
As shown in Fig. 4-3, "four characters" is ob- 
tained in answer to an inquiry about the "Number of 
Password Characters." In contrast, "eight charac- 
ters" is obtained as the "Number of Password Char- 
acters" as a result of inspection performed by vari- 
ous tools. Consequently, the answers are inconsist- 
ent with each other. The number of Password char- 
acters can be examined by means of a tool called, 
e.g., a host scanner. 

As shown in Fig. 4-3, "First WEB sen/er" is ob- 
tained in answer to an inquiry about a "Name of the 
Host." The "Name of the Host" obtained as a result 
of inspection performed by use of tools is also "First 
WEB server." Hence, the answers in relation to this 
item are consistent with each other. 

In the next step, inconsistent items are selected 
from the table shown in Fig. 4-3. The consistency 
inspection means 16 of the integration device 10 
performs this selecting operation. 

(3) Display of inconsistent items and entry of an in- 
struction (choice) performed by the user in re- 
sponse to the display 

Next, the display means 18 displays inconsist- 
ent Items to the user. The user can instruct selection 
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of any one in connection with an inconsistent itenn. 
The display means 1 8 enters the instruction and 
supplies it to the synthesis means 20. 

For instance, the user can deternnine that the 
answerer has nnisunderstood and that "eight char- 
acters" examined by the tool is correct. In this case, 
"eight characters" is selected as the "number of 
password characters." If the answer provided by the 
answerer is determined to be incorrect in the man- 
ner set forth, making an amendment on the answer 
is also preferable. In other words, when the user has 
selected a result examined by the tool, the answer- 
er's answer is modified so as to match the result of 
the examination performed according to the rule. A 
program is preferably constructed so as to perform 
such an operation. 

If the user encounters difficulty in determining 
which one of the results is correct, another inquiry 
may be submitted, in view that, there is a chance of 
the inconsistencies being solved by another inquiry. 
(4) Synthesis Processing 

When the user has selected any one of the re- 
sults, the instruction pertaining to the choice is de- 
termined to be the finally-determined status of the 
information system. 

In connection with the items forwhich no incon- 
sistencies are found, the items are adopted as a fi- 
nal status of the information system. For this rea- 
son, the consistent items and the items instructed 
by the user must be merged, Such synthesis 
processing is performed by the synthesis means 
20. Consequently, a result such as that shown in 
Fig. 4-4 is obtained. Under the status of the infor- 
mation system shown in Fig. 4-4, the answer ob- 
tained in response to the item for which no incon- 
sistencies have arisen; that is, "Name of the Host," 
is adopted in its unmodified form. In contrast, the 
answer "eight characters" selected by the user is 
adopted as a final status in connection with the item 
forwhich inconsistencies have arisen. The results 
are as provided in Fig. 4-4. 

As mentioned above, according to the second 
embodiment, the status of the information system 
can be ascertained more accurately. 

Third Embodiment 

[0053] The status of the information system can be 
ascertained in various forms. For instance, preparation 
of an information asset table is one mode of ascertain- 
ment of the information system status. Here, the infor- 
mation asset table is a table in which details of servers 
and clients of the information system are described. An 
example information asset table is shown in Fig. 5. The 
table may sometimes be called an information asset da- 
tabase. 

[0054] Storage of information about all information as- 
sets in one information assettable is not efficient. In gen- 



eral, a pointer 30 to be used for pointing to an external 
file is present in the table. In a case where an information 
asset is a server, indication of the location of a segment 
in which the server offers service in the form of an ex- 

5 ternal file (designated by a reference numeral; e.g., 
30a). In a case where the information asset is a client, 
indication of information as to an object of an access 
right granted to the client in the form of an external file 
(designated by a reference numeral; e.g., 30b) is pref- 

10 erable. 

[0055] As mentioned, parameters to be managed 
change from one information asset to another informa- 
tion asset. With a view toward absorbing such a change, 
the pointer 30 to be used for indicating an external file 
^5 is utilized. As a matter of course, an actual information 
assettable is more complicated. Here, a simple exam- 
ple of an information asset table is provided. 
[0056] Individual fields of the table shown in Fig, Swill 
now be described. Here, "Designation" indicates the 
20 name of an information asset; and "Location" means a 
zone or segment where the Information asset is present. 
Here, "Owner" means a person who manages the infor- 
mation asset; and "Availability" indicates whether or not 
the information asset is available. "IP address" means 
25 a so-called "IP address"; and "Sub-net mask" means a 
sub-net mask. "Server" is a flag which is appended "O" 
when the information asset is a server and "X" when the 
information asset is not a server. "Client" is a flag which 
is appended "O" when the information asset is a flag and 
30 "X" when the information asset is not a flag. "External 
file" means a pointer to be used for indicating an external 
file representing other information. 
[0057] An example in which such an information asset 
table is prepared as the status of an information system 
35 will be described hereinbelow. 

(1) As has been described in connection with Fig. 
1 , inquiries are submitted to members of an organ- 
ization. On the basis of answers to the inquiries, de- 
40 tails of the information asset table described in con- 
nection with Fig. 5 can be entered to a certain ex- 
tent. The thus-prepared information asset table de- 
scribes the status of the infomiation system ob- 
tained through the inquiries (i.e., a first status). 

45 

[0058] Entry of all the details of the information asset 
table on the basis of only inquiries and answers thereto 
becomes prone to involving a very large amount of work. 
For instance, the status of the information system relat- 
50 ing to an IP address and a sub-net mask can be ascer- 
tained more efficiently by automatic collection using 
tools as compared with a case where these items are 
ascertained by submission of inquiries to the members 
of the organization. 
55 [0059] If details of the information asset table are en- 
tered with use of tools, as well as details of the informa- 
tion asset table obtained on the basis of inquiries and 
answers thereto, the status of the information system 
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can be ascertained more efficiently. 
[0060] Tliese operations are achieved by mere addi- 
tion of tlie status of the information system (the second 
status) obtained by the tools to the status of the infor- 
mation system acquired through inquiries (the first sta- 
tus). 

[0061] The configuration of a network can be gener- 
ally ascertained from two aspects; that Is, a physical 
configuration and a logical configuration. 
[0062] Here, the physical configuration signifies a 
mere physical connection relationship, such as which 
zone a given server and a given client pertain to. Further, 
a logical configuration signifies a location connection re- 
lationship, such as which client receives service from 
which server. 

[0063] In general, such a physical configuration can 
be readily inspected through use of various tools. As a 
result, examining "Location," "IP address," "Sub-net 
mask," "Server," and "Client" provided in the table 
shown in Fig. 5 through use of tools is efficient. 
[0064] In many cases, ascertaining a logical configu- 
ration from answers to inquiries submitted to members 
of an organization Is preferable. Consequently, ascer- 
taining "Owner" and a file for which an access right is 
represented by "External file," both being provided in the 
table shown in Fig. 5, byway of answers to inquiries is 
efficient. 

[0065] In this way, information about some portion of 
the status of the information system is obtained efficient- 
ly and accurately by means of an inspection operation 
using tools. In contrast, some portion of the information 
system status is not efficiently ascertained from an- 
swers to inquiries. Consequently, acquisition of respec- 
tive information items using preferably approaches final- 
ly results in acquisition of a correct, efficient result. 
[0066] The third embodiment shows an example in 
which the status of the information system (i.e. , the sec- 
ond status) obtained by tools is added to the status of 
the information system obtained from answers to the in- 
quiries (i.e., the first status). 

[0067] The operation described thus far is preferably 
performed by the integration system shown in Fig. 2. 
[0068] In this case, the consistency inspection means 
16 handles items which pertain to only the first status 
and not to the second status; that is, items which are 
obtained from inquiries and answers thereto but not by 
inspection tools, as being consistent. Similarly, the con- 
sistency inspection means 16 handles items which per- 
tain to only the second status and not to the first status; 
that is, items which are obtained by only inspection 
tools, as being consistent. Consequently, the consistent 
items are sent to the synthesis means 20 as they are. 
The synthesis means 20 simply merges received sta- 
tuses, thereby preparing an information asset table such 
as that shown in Fig. 5. 

[0069] As has been described, as a matter of course, 
ascertaining asingle item (e.g., the number of password 
characters) on the basis of an answerto an inquiry while 



examining the same with use of tools is preferable. The 
reason for this is that ascertainment of a more accurate 
status can be expected. Operation to be performed in 
this case is substantially identical with that described in 

5 connection with the second embodiment. In this case, 
two results are obtained in connection with a single item. 
Hence, if the two results are inconsistent with each oth- 
er, the consistency inspection means 1 6 extracts an in- 
consistent item and sends the thus-extracted item to the 
display means 18. The display means 18 displays in- 
consistencies to the user, and one selected from the in- 
consistencies by the user is delivered to the synthesis 
means 20, When two items are consistent with each oth- 
er, the items are handled, in their present form, as a sta- 

^5 tus which is finally ascertained. 

[0070] Finally, the synthesis means 20 merges the fol- 
lowing statuses. 

A status selected by the user in connection with an 
20 inconsistent information item which pertains to both 
the status selected by the user from the status ob- 
tained on the basis of answers to inquiries and the 

status obtained by tools. 

A consistent status pertaining to both the status se- 
25 lected by the user from the status obtained on the 
basis of answers to inquiries and the status ob- 
tained by tools. 

A status obtained from only answers to inquiries or 
a status obtained with use of only tools. 

30 

[0071] Among three types of statuses, the latter two 
types of statuses are handled as "consistent statuses" 
by the consistency inspection means 1 6, and the sta- 
tuses are delivered to the synthesis means 20. 
35 [0072] In this way, as a result of the synthesis means 
20 merging these statuses, the information system sta- 
tus is ascertained in an efficient and accurate manner. 
[0073] In the second and third embodiments, the op- 
eration of the integration device 1 0 has been described 
40 by reference to a specific example. However, the oper- 
ation of the integration device 10 described herein is 
preferably implemented by a combination of the compu- 
ter 1 00 and a program for causing the computer 1 00 to 
perform these operations. The synthesis means 20 and 
45 the consistency inspection means 16 are implemented 
by a program for performing operation of these means. 
The display means 1 8 is basically identical with that de- 
scribed in connection with the first embodiment. Such a 
way of utilizing a computer has already been described 
50 in connection with Fig. 3. 

[0074] As has been described, according to the inven- 
tion, the status of an information system ascertained 
through inquiries and the status of the information sys- 
tem ascertained through use of an inspection tool are 
55 merged. Hence, the status of the information system 
can be accurately ascertained within a short period of 
time. 

[0075] According to the invention, inconsistencies of 
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the status are displayed. Hence, a user can efficiently 
obtain material to be used for rendering a determination 
at the time of performing a selection. 
[0076] To provide a method for enabling faster, accu- 
rate ascertainment of status of an information system 
through use of inquiries submitted to members of an or- 
ganization and an approach other than the inquiries. In 
step SI -1 , inquiries are submitted to members of an or- 
ganization, and answers to the inquiries are obtained. 
In step SI -2 the status of the information system is as- 
certained on the basis of the answers. In step S1 -3, the 
information system is examined through use of an in- 
spection tool through use of a network analyzer, thereby 
ascertaining the status of the information system. In step 
SI -4, the status of the information system ascertained 
in step S1-2 and the status of the information system 
ascertained in step S1-3 are merged. In step 81-5, on 
the basis of the thus-merged status of the information 
system, a security policy is established. The status of 
the information system is ascertained by utilization of 
inquiries and the result of inspection perfomned by use 
of the tool. Hence, the status of the information system 
can be ascertained accurately. 



Claims 

1 . Amethod for ascertaining the status of an informa- 
tion system, comprising: 

a first step of ascertaining a first status of an 
information system by submitting inquiries to 
members of an organization and ascertaining 
the status of the information system of the or- 
ganization on the basis of answers to the inquir- 
ies; 

a second step of ascertaining a second status 
of the information system by inspecting the sta- 
tus of the information system of the organiza- 
tion through use of an inspection tool of the in- 
formation system and ascertaining the status of 
the information system on the basis of a result 
of the inspection; and 

an integration step of merging the first informa- 
tion system status and the second information 
system status, thereby establishing the status 
of the information system of the organization, 
wherein 

the integration step comprises 

a consistency inspection step of compar- 
ing the first information system status with the 
second information system status and separat- 
ing an inconsistent matter from consistent mat- 
ters; 

a display step of displaying the inconsist- 
ent matter and enabling entry of a choice made 

by the user in connection with the inconsistent 
matter, thereby obtaining a result selected by 



the user; and 

a synthesis step of merging the consist- 
ent matters and the result of selection made by 
the user. 

5 

2. The method for ascertaining the status of an infor- 
mation system according to claim 1 , wherein 

the inspection tool is a program for inspecting 
the configuration of the information system. 

10 

3. A method for establishing a security policy on the 
basis of a status ascertained by the method of as- 
certaining the status of an information system ac- 
cording to claim 1 or 2. 

15 

4. An integration device for perfonning processing 
pertaining to an integration step in the method of 
ascertaining an information system according to 
claim 1 , comprising: 

20 

consistency inspection means which compares 
a first status of the information system with a 
second status of the information system, there- 
by separating an inconsistent matter from con- 

25 sistent matters; 

display means for displaying the inconsistent 
matter and enabling a user to enter a choice 
with regard to the inconsistent matter; and 
synthesis means for merging the consistent 

30 matters with a result of choice made by the us- 

er. 

5. A program for causing a computer to execute 
processing pertaining to an integration step in the 

35 method for ascertaining the status of an information 
system defined in claim 1 , wherein the program 
causes the computer to execute 

processing pertaining to a consistency in- 
spection procedure for comparing a first status of 
40 the information system with a second status of the 
information system, thereby separating an incon- 
sistent matter from consistent matters; 

processing pertaining to a display procedure 
for displaying the inconsistent matter and inputting 
45 a choice made by the user; and 

processing pertaining to a synthesis proce- 
dure for merging the consistent matters with a result 
of choice made by the user. 



50 6. A computer-readable recording medium in which is 
recorded a program for causing a computer to ex- 
ecute processing pertaining to an integration step 
in the method of ascertaining the status of an infor- 
mation system defined in claim 1 , wherein 

55 the program causes the computer to execute 

processing pertaining to a consistency in- 
spection procedure for comparing a first status of 
the information system with a second status of the 
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information system, thereby separating an incon- 
sistent matter from consistent matters; 

processing pertaining to a display procedure 
for displaying the inconsistent matter and inputting 
a choice made by the user; and 5 

processing pertaining to a synthesis proce- 
dure for merging the consistent matters with a result 
of choice made by the user. 

7. A method of ascertaining the status of an informa- io 
tion system including: 

a first step of submitting inquiries to members 
of an organization and ascertaining the status 
of an information system of the organization on 
the basis of answers to the inquiries; 
a second step of examining the status of the 
information system of the organization through 
use of an information system inspection tool, 
thereby ascertaining the status of the informa- 20 
tion system of the organization on the basis of 
a result of the inspection; and 
an Integration step of merging a first status of 
the information system and a second status of 
the information system, thereby establishing 25 
the status of the information system of the or- 
ganization, wherein 
the integration step comprises 

a consistency inspection step of compar- 
ing the first status of the information system 30 
with the second status of the information sys- 
tem, to thereby determine 

(1) an inconsistent matter, 

(2) consistent matters; that is, consistent 35 
matters which pertain to only the first status 

of the information system but not to the 
second status of the same, and consistent 
matters which pertain to only the second 
status of the information system but not to 40 
the first status of the same, as well as to 
thereby separate the inconsistent matter 
from the consistent matters; 

a display step of displaying the inconsist- 
ent matter and enabling a user to enter a choice 
with regard to the inconsistent matter; and 

a synthesis step of merging the consist- 
ent matters with a result of choice made by the 
user. 50 

8. A method of establishing a security policy on the 
basis of a status ascertained by means of the meth- 
od of ascertaining information system defined in 
claim 7. ss 

9. An integration device for performing processing 
pertaining to an integration step in the method of 



ascertaining an information system according to 
claim 7, comprising: 

consistency inspection means for comparing 

the first status of the information system with 
the second status of the information system, to 
thereby determine 

(1) an inconsistent matter, 

(2) consistent matters; that is, consistent- 
matters which pertain to only the first status 
of the infonnation system but not to the 
second status of the same, and consistent 
matters which pertain to only the second 
status of the information system but not to 
the first status of the same, as well as to 
thereby separate the inconsistent matter 
from the consistent matters; 

display means for displaying the Inconsistent 
matter and enabling a user to enter a choice 
with regard to the inconsistent matter; and 
synthesis means for merging the consistent 
matters with a result of choice made by the us- 
er. 

10. A program for causing a computer to per form 
processing pertaining to an integration step in the 
method for ascertaining the status of an information 
system as defined in claim 7, wherein 

the program causes the computer to execute 
processing pertaining to a consistency in- 
spection procedure for comparing the first status of 
the Infomnation system with the second status of the 
information system, to thereby determine 

(1) an inconsistent matter, 

(2) consistent matters; that is, consistent mat- 
ters which pertain to only the first status of the 
information system but not to the second status 
of the same, and consistent matters which per- 
tain to only the second status of the information 
system but not to the first status of the same, 
as well as to thereby separate the inconsistent 
matter from the consistent matters; 

processing pertaining to a display procedure 
for displaying the Inconsistent matter and inputting 
a choice made by the user; and 

processing pertaining to a synthesis proce- 
dure for merging the consistent matters with a result 
of choice made by the user. 

1 1 . A computer-readable recording medium in which is 
recorded a program for causing a computer to ex- 
ecute processing pertaining to an integration step 
in the method of ascertaining the status of an infor- 
mation system defined in claim 7, wherein 
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the program causes the computer to execute 

processing pertaining to a consistency in- 
spection procedure for comparing the first status of 
the information system with the second status of the 
information system, to thereby determine s 

(1) an inconsistent matter, 

(2) consistentmatters; that is, consistentmat- 
ters which pertain to only the first status of the 
information system but not to the second status io 
of the same, and consistent matters which per- 
tain to only the second status of the information 
system but not to the first status of the same, 

as well as to thereby separate the inconsistent 
matter from the consistent matters; ^5 

processing pertaining to a display proce- 
dure for displaying the inconsistent matter and 
inputting a choice made by the user; and 

processing pertaining to a synthesis pro- 
cedure for merging the consistent matters with 20 
a result of choice made by the user. 
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